Malware Detected Attacking Software Used for Trading Stocks Online

Security researchers at Group-IB, the Russia-based cyber-crime investigation firm, recently discovered a new malware strain that captures credentials when specialized applications used to trade stocks and other securities over the Internet are running.

The researchers said that the malware targeted the online trading software known as FOCUS and QUIK, available from EGAR Technology and ARQA Technologies respectively, both Russian software companies, with FOCUS and QUIK described as Vonline. Itworld.com published this on April 18, 2013.

Group-IB stated that the trading software was in use at the Saint Petersburg Exchange, MICEX (Moscow Exchange), the Ukrainian Exchange and other exchanges. Brokerage companies such as Russia's InstaForex, UK's Otkritie and Cyprus' BrokerCreditService also used it, as did prominent banks, namely Promsvyazbank, Alfa-Bank and Sberbank.

Once installed on a PC, the malware first checks whether the applications are present on the operating system. It then starts tracking the end user's activity and extracts the related information by capturing credentials and screenshots, which are subsequently sent to the malware operator's command-and-control (C&C) server.

A Group-IB expert named Andrey Komarov stated that the malicious program attacking online trading was a variant of the spyware called Ranbyus, which infects Windows computers and targets Internet-banking customers. TheRegister published this on April 17, 2013.

Komarov elaborated that the malware was quite similar to ZeuS in functionality, since it used a module that spawned Virtual Network Computing (VNC), which enabled the attacker to stay connected to the infected computer entirely remotely and to commit fraud quietly. Naturally, it flew under the radar of anti-fraud defenses, since the seizure of the credentials and other information would occur via the identical Internet Protocol address, he added.

However, making his company's standard recommendation, Vladimir Kurlyandchik, Head of Business Development at ARQA Technologies, said that Internet users must use the usual anti-virus filters if their PCs have financial software active while connected to public networks.

Also, if there is any suspicion that a user's account has been accessed illegitimately, then, as per another standard recommendation, the user must immediately change the access keys, Kurlyandchik added.